BKENTAVB.RVW 20001019

"The Enterprise Anti-Virus Book", Robert S. Vibert, 2000, 0-9687464-0-3, C$99.95
%A Robert S. Vibert rv@segurasolutions.com
%C RR1, Braeside, ON K0A 1G0
%D 2000
%G 0-9687464-0-3
%I Segura Solutions Inc.
%O C$99.95 fax: +1-613-623-1645 info@segurasolutions.com
%P ~ 140 p.
%T "The Enterprise Anti-Virus Book"

It is very difficult to know what to say about this book. For one thing, it isn't really a book. It seems to be printed on a "one-off" basis on each request, and is in a constant state of modification. (It is printed on standard letter sized sheets, and "bound" in a 3-ring binder.) To the specific points that I raise in this review, the most common response from Segura was that the item would be addressed in a future edition.

For another, the title, while not exactly wrong, needs some explanation. The introduction indicates (without really ever so stating) that this is a guide to buying antiviral software. It is similar to my own antivirus evaluation FAQ, although much more lengthy. More lengthy and much, much more complicated. There are 300 criteria on the checklist provided, and for each the user has to provide his or her own scoring and weighting system.

Chapter one describes yardsticks for measuring antiviral vendors, and makes a very strong promotional push for an expectation of support from vendors and VARs (Value Added Resellers). Since Vibert has most recently worked as a reseller of antivirus software, this should come as little surprise. (Segura Solutions, in response to the draft of this review, were most upset that this statement might suggest that he or they have any commercial ties to resellers.) More important, however, is that while the book lists a great many appropriate questions to ask, there is very little content that would allow non-specialists to intelligently analyze the answers they might receive. Users should ask what kind of training resales agents have received, but what standard training is available?
Again, users should ask whether the vendor provides up to date virus information, but there is no gauge of the quality of that information. Yes, the queries are apposite; they are, in fact, very similar to the questions I ask as I am doing reviews of antiviral software, but I've got many years of experience in determining what the answers mean, and how important they are in the overall context of both an antiviral system, and a given work environment. Readers of Vibert's book are left not only to puzzle out what answers might be "correct," but how compliant different answers are in relation to each other (and some absolute standard), and how important each question might be to the company or enterprise they are trying to protect. Some very vague and general discussions touch on a few of the points, but many questions are simply listed with no discussion whatsoever.

The second chapter deals with general antiviral aspects. The discussion of antiviral actions and functions does cover a wide range, but explanatory information is very limited. It is interesting that the introduction makes the point that all enterprises are different, but the text implies that one antiviral will fit all users, and places an extremely heavy emphasis on real time (on-access) scanners. In a similar way, the statement is made that all certification tests should use at least 100 versions of every polymorphic virus. The number isn't justified in any way, and this assertion ignores the fact that polymorphs vary greatly: Whale has only thirty variations while Tremor has almost six billion. Much space is occupied by material copied from certification company Web sites. There is also some confusing contradiction: ICSA is first promoted, but two pages later is not listed as a reputable tester. No mention is made of the fact that ICSA charges vendors for certification, or the implications that fact might have.

Chapter three states a concentration on desktop, or non-server, considerations, but duplicates much of the relevant material from chapter two. Again, the emphasis on certain subjects is odd: there is a large section on DOS TSRs (Terminate and Stay Resident programs) and only a terse mention of email. Chapter four then turns to server factors, but extraordinarily briefly.

The section on antivirus deployment and maintenance has the largest checklist in the book. There is a great deal of duplication, at least in terms of the concepts touched on. There is not much organization. Once again, there are many questions, but little content to help the reader analyze answers.

Email gets another mention in a chapter only four and a half pages long. The explanation of email operations is poor, and there is no discussion of the problem of "streaming" filtering at all.

Chapter seven, on groupware, is really just a replay of a subset of email considerations.

The last chapter, on firewalls, provides no background at all on firewall technology or types.

For those who have some background knowledge of viruses and antiviral technology, this book will provide you with a checklist to ensure that you don't forget any points. It does, however, seem a rather expensive checklist, and you will still be left with the problem of how to weight and evaluate the mass of data you collect. For those without a conceptual foundation, this work is as likely to confuse as to assist.

copyright Robert M. Slade, 2001 BKENTAVB.RVW 20001019